Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Setting Up a Secure Reverse Proxy

Before setting up secure reverse proxying, you should be familiar with digital certificates, Certificate Authorities, and authentication.

Setting up a secure reverse proxy is almost the same as setting up an insecure reverse proxy. The only difference is that you need to specify HTTPS as the protocol for the files to be encrypted.

Secure Client-to-Proxy

This procedure explains how to set up your secure reverse proxy according to the configuration scenario you choose. To demonstrate how to set up mappings, the instructions suppose that you have a web server called http.mysite.com and that you want to set up a secure reverse proxy server called proxy.mysite.com. When following the steps, substitute the names of your web server and proxy for the example names used in the directions.

Procedure: To Set Up a Secure Client-to-Proxy Mapping

  1. Access the Server Manager, and click the URLs tab.

  2. Click the Create Mapping link.

    The Create Mapping page is displayed.

  3. In the page that appears, set up regular and reverse mappings in the following manner:

    Regular mapping:

    Source prefix: https://proxy.mysite.com

    Source destination: http://http.mysite.com/

    Reverse mapping:

    Source prefix: http://http.mysite.com/

    Source destination: https://proxy.mysite.com/

  4. Save and apply your changes.

    To see the mappings you just created, click the View/Edit Mappings link.


    Note –

    This configuration will only work if your proxy server is running in secure mode. In other words, encryption must be enabled and the proxy must be restarted from the command line. To restart the proxy from the command line, go to the proxy directory and type ./start.


Procedure: To Set Up a Secure Proxy-to-Content Server Mapping

  1. Access the Server Manager, and click the URLs tab.

  2. Click the Create Mapping link.

    The Create Mapping page is displayed.

  3. In the page that appears, set up regular and reverse mappings in the following manner:

    Regular mapping:

    Source prefix: http://proxy.mysite.com

    Source destination: https://http.mysite.com/

    Reverse mapping:

    Source prefix: https://http.mysite.com/

    Source destination: http://proxy.mysite.com/

  4. Save and Apply your changes.

    To see the mappings you just created, click the link called View/Edit Mappings.


    Note –

    This configuration will only work if your content server is running in secure mode.


Procedure: To Set Up Secure Client-to-Proxy and Secure Proxy-to-Content Server

  1. Access the Server Manager, and click the URLs tab.

  2. Click the Create Mapping link.

    The Create Mapping page is displayed.

  3. In the page that appears, set up regular and reverse mappings in the following manner:

    Regular mapping:

    Source prefix: https://proxy.mysite.com

    Source destination: https://http.mysite.com/

    Reverse mapping:

    Source prefix: https://http.mysite.com/

    Source destination: https://proxy.mysite.com/

  4. Save and Apply your changes.

    To see the mappings you just created, click the link called View/Edit Mappings.


    Note –

    This configuration will only work if your proxy server and content server are running in secure mode. In other words, for the proxy, encryption must be enabled and the proxy must be restarted from the command line. To restart the proxy from the command line, go to the proxy directory and type ./restart.


Disabling the Forward Proxying Feature in a Reverse Proxy Setup

A proxy server instance that is configured as a reverse proxy server does not, by default, stop functioning as a forward proxy server. Such a server instance accepts and serves reverse proxy requests as well as forward proxy requests. Further configuration is required to disable the forward proxying feature. You can set up an ACL configuration that denies requests whose URI matches the forward proxy format. You can use a Client directive for this purpose:

<Client uri="http://.*">
PathCheck fn="check-acl" acl="http://.*"
</Client>
.
.
.
The "http://.*" ACL can be a deny all ACL as follows:
.
.
acl "http://.*";
deny (all) user="anyone";
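
The following is an added example, not part of the product documentation: a Python check that a configuration in the form shown above really denies forward-proxy-format requests. The sample inputs are constructed, the function names are hypothetical, and the uri pattern is assumed to behave like a Python regular expression for simple patterns such as "http://.*".

```python
import re

# Constructed sample inputs in the form shown on this page (not a real server's files).
OBJ_CONF = '''\
<Client uri="http://.*">
PathCheck fn="check-acl" acl="http://.*"
</Client>
'''
ACL_FILE = '''\
acl "http://.*";
deny (all) user="anyone";
'''

# A Client block must be properly closed to be recognized.
CLIENT_RE = re.compile(r'<Client\s+uri="([^"]*)"\s*>(.*?)</Client>', re.S)
CHECK_ACL_RE = re.compile(r'^\s*PathCheck\s+fn="check-acl"\s+acl="([^"]*)"', re.M)


def acls_guarding(obj_conf, url):
    """Names of ACLs applied by check-acl in Client blocks whose uri matches url."""
    names = []
    for uri_pattern, body in CLIENT_RE.findall(obj_conf):
        # Assumption: the uri pattern is evaluated here as a Python regex.
        if re.fullmatch(uri_pattern, url):
            names += CHECK_ACL_RE.findall(body)
    return names


def acl_rules(acl_text, name):
    """Rule statements that follow the `acl "name";` header, up to the next acl."""
    statements = [" ".join(s.split()) for s in acl_text.split(";") if s.strip()]
    rules, inside = [], False
    for stmt in statements:
        if stmt.startswith("acl "):
            inside = stmt == f'acl "{name}"'
        elif inside:
            rules.append(stmt)
    return rules


def forward_proxy_denied(obj_conf, acl_text, url="http://unrelated.example/"):
    """True only if a matching Client block applies an ACL that is exactly deny-all."""
    return any(acl_rules(acl_text, n) == ['deny (all) user="anyone"']
               for n in acls_guarding(obj_conf, url))
```

An unclosed Client block, a missing ACL definition, or an ACL containing anything other than the single deny rule all make forward_proxy_denied return False.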